Merge pull request #1152 from BastilleBSD/rdr-table-source

This commit is contained in:
tschettervictor
2025-06-20 13:57:31 -06:00
committed by GitHub
4 changed files with 41 additions and 20 deletions


@@ -2,9 +2,9 @@ list
==== ====
List jails, ports, releases, templates, logs, limits, exports and imports and much more List jails, ports, releases, templates, logs, limits, exports and imports and much more
managed by bastille. managed by bastille. See the ``help`` output below.
Using `bastille list` without args will print with all the info we feel is most important. Using `bastille list` without args will print all jails with the info we feel is most important.
Most options can be printed in JSON format by including the ``-j|--json`` flag. Use ``-p|--pretty`` Most options can be printed in JSON format by including the ``-j|--json`` flag. Use ``-p|--pretty``
to print in columns instead of rows. to print in columns instead of rows.
@@ -13,7 +13,7 @@ to print in columns instead of rows.
ishmael ~ # bastille list help ishmael ~ # bastille list help
Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)] Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]
[path(s)] [port(s)] [prio|priority] [state(s)] [template(s)] [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)]
Options: Options:
-d | --down List stopped jails only. -d | --down List stopped jails only.


@@ -34,10 +34,10 @@ The ``rdr`` command includes 4 additional options:
.. code-block:: shell .. code-block:: shell
-i | --interface [interface] Set the interface to create the rdr rule on. Useful if you have multiple interfaces. -d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
-s | --source [source ip] Limit rdr to a source IP. Useful to only allow access from a certian IP or subnet. -i | --interface [interface] Set the interface to create the rdr rule on. Useful if you have multiple interfaces.
-d | --destination [destination ip] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. -s | --source [source] Limit rdr to a source IP or table. Useful to only allow access from certain sources.
-t | --type [ipv4|ipv6] Specify IP type. Must be used if -s or -d are used. Defaults to both. -t | --type [ipv4|ipv6] Specify IP type. Must be used if -s or -d are used. Defaults to both.
.. code-block:: shell .. code-block:: shell
@@ -68,6 +68,9 @@ The options can be used together, as seen above.
If you have multiple interfaces assigned to your jail, ``bastille rdr`` will If you have multiple interfaces assigned to your jail, ``bastille rdr`` will
only redirect using the default one. only redirect using the default one.
It is also possible to specify a pf table as the source, providing it exists. Simply use the table
name instead of an IP address or subnet.
.. code-block:: shell .. code-block:: shell
# bastille rdr --help # bastille rdr --help
@@ -75,8 +78,8 @@ only redirect using the default one.
Options: Options:
-d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
-i | --interface [interface] Set the interface to create the rdr rule on. Useful if you have multiple interfaces. -i | --interface [interface] Set the interface to create the rdr rule on. Useful if you have multiple interfaces.
-s | --source [source ip] Limit rdr to a source IP. Useful to only allow access from a certian IP or subnet. -s | --source [source] Limit rdr to a source IP or table. Useful to only allow access from certain sources.
-d | --destination [destination ip] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
-t | --type [ipv4|ipv6] Specify IP type. Must be used if -s or -d are used. Defaults to both. -t | --type [ipv4|ipv6] Specify IP type. Must be used if -s or -d are used. Defaults to both.
-x | --debug Enable debug mode. -x | --debug Enable debug mode.


@@ -34,7 +34,7 @@
usage() { usage() {
error_notify "Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]" error_notify "Usage: bastille list [option(s)] [RELEASE (-p)] [all] [backup(s)] [export(s)] [import(s)] [ip(s)] [jail(s)] [limit(s)] [log(s)]"
error_notify " [path(s)] [port(s)] [prio|priority] [state(s)] [template(s)]" error_notify " [path(s)] [port(s)] [prio|priority] [release(s)] [state(s)] [template(s)]"
cat << EOF cat << EOF
Options: Options:


@@ -38,11 +38,11 @@ usage() {
Options: Options:
-d | --destination [destination ip] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface. -d | --destination [destination] Limit rdr to a destination IP. Useful if you have multiple IPs on one interface.
-i | --interface [interface] Set the interface to create the rdr rule on. Useful if you have multiple interfaces. -i | --interface [interface] Set the interface to create the rdr rule on. Useful if you have multiple interfaces.
-s | --source [source ip] Limit rdr to a source IP. Useful to only allow access from a certian IP or subnet. -s | --source [source] Limit rdr to a source IP or table. Useful to only allow access from certain sources.
-t | --type [ipv4|ipv6] Specify IP type. Must be used if -s or -d are used. Defaults to both. -t | --type [ipv4|ipv6] Specify IP type. Must be used if -s or -d are used. Defaults to both.
-x | --debug Enable debug mode. -x | --debug Enable debug mode.
EOF EOF
exit 1 exit 1
@@ -108,6 +108,17 @@ check_rdr_ip_validity() {
fi fi
} }
check_rdr_table_validity() {
local table="${1}"
if ! pfctl -t "${table}" -T show > /dev/null 2>&1; then
error_exit "\nInvalid: (${table})."
else
info "\nValid: (${table})."
fi
}
validate_rdr_rule() { validate_rdr_rule() {
local if="${1}" local if="${1}"
@@ -237,6 +248,7 @@ OPTION_IF=0
OPTION_SRC=0 OPTION_SRC=0
OPTION_DST=0 OPTION_DST=0
OPTION_INET_TYPE=0 OPTION_INET_TYPE=0
OPT_SRC_TABLE=0
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
case "${1}" in case "${1}" in
-h|--help|help) -h|--help|help)
@@ -261,9 +273,15 @@ while [ "$#" -gt 0 ]; do
fi fi
;; ;;
-s|--source) -s|--source)
check_rdr_ip_validity "${2}" if echo "${2}" | grep -Eoq "([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|.*:.*)"; then
check_rdr_ip_validity "${2}"
RDR_SRC="${2}"
else
check_rdr_table_validity "${2}"
OPT_SRC_TABLE=1
RDR_SRC="$(echo "${2}" | sed -e 's/^/</' -e 's/$/>/')"
fi
OPTION_SRC=1 OPTION_SRC=1
RDR_SRC="${2}"
shift 2 shift 2
;; ;;
-t|--type) -t|--type)
@@ -341,8 +359,8 @@ while [ "$#" -gt 0 ]; do
tcp|udp) tcp|udp)
if [ "$#" -lt 3 ]; then if [ "$#" -lt 3 ]; then
usage usage
elif [ "${OPTION_SRC}" -eq 1 ] || [ "${OPTION_DST}" -eq 1 ] && [ "${OPTION_INET_TYPE}" -ne 1 ];then elif [ "${OPTION_SRC}" -eq 1 ] || [ "${OPTION_DST}" -eq 1 ] && [ "${OPTION_INET_TYPE}" -ne 1 ] && [ "${OPT_SRC_TABLE}" -eq 0 ];then
error_exit "[ERROR]: [-t|--type] must be set when using [-s|--source] or [-d|--destination]" error_exit "[ERROR]: [-t|--type] must be set when NOT using a table as [-s|--source] or [-d|--destination]."
elif [ "$#" -eq 3 ]; then elif [ "$#" -eq 3 ]; then
check_jail_validity check_jail_validity
validate_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3 validate_rdr_rule $RDR_IF $RDR_SRC $RDR_DST $1 $2 $3
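Review bot: The added `[ "${OPT_SRC_TABLE}" -eq 0 ]` on the elif line switches off the type check for both options at once, so `-s <table> -d <ip>` without `-t` passes validation even though the destination still needs an address family. The table exemption should apply only to the source term: `elif { { [ "${OPTION_SRC}" -eq 1 ] && [ "${OPT_SRC_TABLE}" -eq 0 ]; } || [ "${OPTION_DST}" -eq 1 ]; } && [ "${OPTION_INET_TYPE}" -ne 1 ]; then`. Explicit grouping also makes the intended `(src || dst) && !type` reading visible, since `||` and `&&` have equal precedence in sh and the current line relies on left-to-right evaluation. The `tcp|udp` case arm and the enclosing `while` loop continue outside the hunk.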